It is important to understand how to make sure your telehealth video app is HIPAA compliant so that your patients information can be secured properly. For discussion purposes, we will consider a telehealth application where patients may search for doctors and then schedule a video consultation with them.

To keep it simple, let’s focus on the healthcare provider directory and the patient’s video consultation. When the patient is booking a consultation with their doctor, these are example areas that should be considered private information:

Patient Name, username.

Patient Zip Code, region they are searching in.

Patient Address, account information.

Any notes the patient has on their profile about past treatments or medical conditions.

Reviews of the doctor by past patients must be anonymized. No usernames or dates of treatments should be shared by past patients. A 1-5 star rating for examples is fine, but a testimonial that identifies the past patient or shares details about their treatment is unacceptable.

Details on numbers of patients treated in the past by that doctor in a particular region.

Any payment information or healthcare plan information supplied by the patient must be protected.

Once the patient is speaking with the doctor in the video chat session, a tool with the following features ensures that patient information is protected:

Video chat must be secure and encrypted (WebRTC helps with this since the video/audio transmission are encrypted in-transit).

Any recordings of the session should be done only with patient consent and must be securely stored, so that others cannot access it without proper authorization.

Any text chat between provider/patient should be encrypted if stored in a database, or not stored at all.

Any notes that the provider or patient take in the tool should also be encrypted and treated as an electronic medical record private to that patient.

Any files exchanged between the provider and patient must be encrypted in-transit (the WebRTC Data Channel can do this) and, if stored, must be securely stored with only access to authorized users.

If any images or screenshots are saved in the application, then they must also be securely stored and only accessible to authorized users.

Learn More

Think a Telehealth Solution may be right for your healthcare business?

We have a telehealth platform that is already built and can be quickly white-labeled and licensed for your use. We have decades of experience with over 200,000 hours invested in building real-time applications. You can read a client testimonial here.

Contact us today. We’ll help you get your user-friendly, HIPAA-compliant app — up and running with both the provider and patient in mind.